Posted
by
samzenpus
on Wednesday February 07, 2007 @09:00PM
from the money-well-spent dept.

narramissic writes "According to recent research by the U.S. military and CERT, workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

Interesting article. Unfortunately since most companies never wise up about security, its probably in the companies best interest to recognize the needs of IT workers instead of being even more paranoid about them. I used to work as a system administrator at a company where most of us where disgruntled due to the lack of progress of the company and poor leadership, then things got worse when the new owner of the company stopped trusting the admins for no good reason. This created a situation where long time employees started taking the attitude of "This company wouldn't survive for a month without me here". Amazingly, companies like this do survive the departure of their best employees.

The following exerpt from the article is pretty telling:Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack."

Basically, if management accuses IT of being a huge risk, and their IT staff is actually honest and dependable, should they stand up for themselves, that's a sign that you should trust them even less??

This is bunk.
How many disgruntled Automotive Industries went on a shooting spree and NEVER gave any signs? Most. Same for the classic Postal Workers...
And what about the guy in Office Space?

Actually when they've investigated, it turns almost every disgruntled shooter DID give signs beforehand. It was just that most co-workers, manager, and neighbors ignored the signs or were clueless that they were significant. People almost never just 'snap' and become violent - usually there's a predictable series of escalating steps that they go through before that point. There's an excellent book, "The Gift of Fear" by Gavin De Becker, that goes into how to predict who will become violent at work. One of his main points is that when we find someone 'creepy', it's actually an early warning system that they're likely to be a danger. However due to social conditioning, people usually ignore their gut feelings which is a mistake. He also helped develop the model that the Secret Service uses to decide whether people who have made threats are probably harmless or likely to eventually commit violence.

One of his main points is that when we find someone 'creepy', it's actually an early warning system that they're likely to be a danger. However due to social conditioning, people usually ignore their gut feelings which is a mistake. He also helped develop the model that the Secret Service uses to decide whether people who have made threats are probably harmless or likely to eventually commit violence.

It's deeper than that. This is fundamentally due to the religion of absolute egalitarianism.

Yet, 25% of black males between the ages of 18 and 35 are convicted felons....there is a strong chance he really IS a criminal.

I can't back this up with a study (you didn't back your stat up, so it's fair game), but it seems obvious that people who post to Slashdot are several TIMES more likely to be involved in computer crime than the average American (they have a high degree of technical knowledge, and often an outsider social perspective). So I agree. Let's do away with all of this "innocent until p

Uhm...most people do give warning signs, the fact that they are ignored doesn't mean they weren't there. Of coarse everyone interviewed says "Well he seemed nice and stable, we had no idea" That is likely because they didn't talk to that person more than the bare minimum required to get the job done. As aweful of a concept as it seems to be these days, its called getting involved with your people. It IS the supervisors responsibility to know more about his subordinates than just job performance, its cal

And what about cause and effect?If you've got the kind of work environment that disgruntles and demotivates your employees, it's vastly more likely that one of them will be pissed off enough to steal from the company.

I'd never do something as unprofessional as sabotage, but I've worked for companies before that made me "disgruntled" and "paranoid". Praise invariably passing up the chain and blame dripping downwards will do that to an organisation. Given this it's hardly surprising that demotivated people

Don't worry. I guarantee you'll regret being such an jerk to people when you're passing middle age and you've got mountains of "stuff" to your name but not a real friend in the world.

That's not the choice. People of this makeup chose between having lots of stuff and no friend versus having few things and no friends. Maybe they'll wise up enough to regret being a jerk, but it's not a given IMHO.

Maybe you ought to get some experience first. I can't say much about the rest of the paragraph, but it sounds to me like your friends don't tirelessly work to bail you out of problems of your own making (eg, bar fights).

Don't get deluded you can rely on anyone but yourself when times get tough. Pack your own parachute.

Good advice, but we don't only want friends around when times get tough.

For example, jobs. With two similar resumes, who is going to be taken for a position,

Does your company give out a "sociopathic manager of the year" award, too?

Don't worry. I guarantee you'll regret being such an jerk to people when you're passing middle age and you've got mountains of "stuff" to your name but not a real friend in the world.

_If_ he's a sociopath (you can't diagnose that from just one message), it just doesn't work that way. You're making the usual mistake of assuming that all humans are essentially, well, equally human and you only need appeal to someone's humanity/feelings/moral-sense/flash-of-enlightenme nt to thaw even the coldest heart. We like to think that assholes are just the result of some trauma making them retreat behind a facade of callousness, and it only takes some emotional argument to get them out of that shell. Which makes great for great novels movies, but isn't what psychiatry tells us.

Sociopathy is, simply put, completely lacking the empathy and connection to other humans. It's being the only human in a single-player world full of generic NPCs. They're not your peers, they don't matter, their feelings don't matter, they're there just to be used, abused, manipulated, lied to, whatever gets you closer to your objectives.

Think of your relationship to NPCs in a computer game. Do you really care what that generic NPC in Oblivion or GTA feels or thinks? Do you care if he/she had a bad day, or if his/her kid is sick? Would you feel any sense of accomplishment of having him/her as a friend? Would you feel bad for clicking on a complete lie dialogue choice just to finish a quest? Would you even really think of them as a "he" or a "she", or more along the lines of "it"? I mean, don't be silly, it's just a game and just a scripted NPC. Right?

Well, in a nutshell that's the kind of world that a sociopath lives in. You can't even be seen as a friend by one. You're at most a sucker to be used for a purpose, even if that purpose is a few minutes of entertainment.

So expecting that one would wake up one day and think "man, I wasted my life, I should have made friends" is naive. That's the kind of notion that doesn't even compute in their world. Or not for the same meaning of "friend" that you'd use.

Don't worry. I guarantee you'll regret being such an jerk to people when you're passing middle age and you've got mountains of "stuff" to your name but not a real friend in the world.

Um, who said that his employees had to be his friends? He could have alot of outside of work friends with the same habits or toys that he has. His employees won't belong to his social set. Friends in his social circle could help in job leads or networking contacts that could help a family member start off making more than his e

"IT espically, they are a dime a dozen andthere is 6 of them out there waiting to take the one job."

That's because people go into IT because "they heard it was a good field to get into".

The people who are good at IT are hard to replace and are usually rewarded that way. There's no doubt that when you break into the field it's rough. But that's when you distinguish yourself. Your hard work didn't stop the day you graduated from a university... oh wait... you didn't go to a University?

Okay, let's start at the beginning:

1) The IT field is littered with has-been's, wanna-be's and never-was-es. Don't be one of those. How?2) Show a commitment. Get a degree from a University. Doesn't matter what it is; if you're smart, you turn that to your advantage. If you want to be involved in the business, get a degree in business with a lot of programming courses. If you want to be involved primarily in the bits and bytes, get a degree more closely related to Computer Science. Information Management can be useful too, although the too are not at all similar. I have a computer science degree, my wife has an information management degree. I'm the director of architecture at a fortune 1000, she's a program manager at a fortune 2000.3) Where's the Sysadmin paths? Unfortunately, the days of the Unix Admin with infinite knowledge have all passed. Well, not all. There are a few old timers left. God bless them, love them to death. They're really smart, and those last few guys get paid a lot. The rest? A dead end job. It puts food on the table. It's better than working at Wal-Mart.4) All the good jobs in IT require that you start as a programmer. No exceptions. If you're not good at programming, you don't belong in IT.5) Set your sights on moving up. You don't want to be the 45 year old programmer. Not unless you're so good that people just leave you alone to develop. If you're not sure you're that good, then you aren't. If you are that good, you can tell because your boss never hassles you about your hours, or anything. They let you alone because you're the goose laying the golden egg. God bless you. You are the heart and soul of this industry.6) You've got to pay your dues in IT, and you may move around some. Changing jobs every 9 months guarantees you'll be a 50 year old programmer some day who knows VB6 really well and suddenly finds themselves without work.7) Get better all the time. Read read read. Be energetic.8) Understand the business you're in. Unless you aspire to #5. Push for ways to improve the business. And that doesn't include suggesting changes to the SCM.9) Develop a 6th sense about what will help your career. Usually that goes hand in hand with helping the business but not always. When the two diverge, it might be time to leave. You don't want to be the 60 year old programmer who is good at FORTRAN on VAX. If I have to explain this to you, then you shouldn't be looking for a job in IT.10) If you don't love this field, if you don't go into work in the morning because you can't imagine not doing it, then you don't belong in this field.

I think you hit some really good points but completely missed the correct mindset to have for the general populace.I'm the director of operations for our company and definately would not hire you with that attitude.

IT is NOT about University Degrees, sorry but 9 out of 10 people that go to college for this industry are the ones who don't belong here. Naturals are the best in this industry plain and simple, the kid who goes home every day and spends 6 hours a night learning on his own are the ones with the

You know, after I left my old department I instructed the manager to assign a new local admin, and to have that person remove my access to the NetApp and server.Two years later I get to thinking how I never got an e-mail from anyone...log into the server and presto! access. Well, I think, maybe they left my user rights because I have a homedir there... Nope! I can still access admin and privileged functions. I have to admit that the thought occoured to me to drop the ACL for everyone and claim ignorance,

the users fuck up one computer, or maybe even introduce a virus to their office, a malicious IT worker could be quietly poisoning backup tapes for months, or better yet, configure the backup and restore system to use encryption reading the key off a USB key plugged into the back of the machine, when he quits he takes the usb key, or wipes it, and all that data becomes a pile of useless bits

Let's see... the study shows that people who are fired generally are considered by their employers to have performed poorly...

This is groundbreaking!

And while we're at it: How many employees who do NOT sabotage corporate systems "are disgruntled", "are paranoid", "generally show up late", and/or "argue with colleagues"?

Last time I looked:

- A large fraction of the best IT people often work late, for any or all of several reasons: They prefer it, they need to work when load is light to minimize impact on business processes, fixing what the users broke during the day skews the time of their peak workload to later than that of the mainstream users, etc.

They often work more than a normal workday - but they'd have to work two shifts every day and only take time out for sleep, in order to come in bright and early to impress the suits who read this "study". But any sane IT professional will take advantage of flex time and come in late instead.

Programmers and other IT professionals coming in late has been a stereotype since computers used vacuum tubes. (I know because I was there and was one of many who created it. B-) )

- "Argue with colleagues"? Maybe yes-maning works in the executive suite. But when a crew of experts is chasing down a problem there will be a slew of hypotheses tried and discarded, with different workers coming up with different hypotheses and evidence to falsify them. To an outsider this looks like an argument, when it's actually progress. Experts will also often have differing opinions and will discuss them - ditto.

(I recall one company where upper-level executives quietly added themselves to an engineering internal mailing list. There we discussed the latest problems - often heatedly - until they were solved. When one was solved the traffic on THAT problem stopped cold and another would take its place. To the suits it looked like a disaster, when in fact the project was on time, within budget, exceeding targets, and still looked like it would have been a quantum leap when delivered - if the company hadn't suddenly shut it down...)

- "disgruntled"? With the continuing budget shortfalls, IT resource expansion always lagging company growth, lusers opening virus email,... I have yet to meet a "gruntled" IT professional.

- "paranoid"? (I presume we're talking the folk etymology, not clinical paranoia.) IT, like other forms of engineering, is an exercise in staying at least one step ahead of Murphy's Law. If an IT professional isn't "paranoid" he's not doing his job.

Watch the suits who saw this start canning their best IT people - zero-notice style. (That's where the employee arrives at work to find his cardkey doesn't work his passwords are rescinded, and he is escorted to HR where he is handed two weeks pay in lieu of notice, a box containing anything from his desk that the company didn't think was theirs, and a threatening document in lawyerese, and then kicked out of the building.)

And of course the fired employees will be blamed when the network starts to go to hell when the remaining people can't apply duct tape and chewing gum fast enough or the next rash of malware gets past the firewall.

= = = =

This reminds me of the "profiles" of school-age mass-murderers: They're always described as loners and introverts who don't get along with others in their school. In other words, just like all the nerds who get pounded on by the jocks and snubbed by the cheerleaders and queen-bees and react by withdrawing from contact with the "beautiful people" cliques. And every time one of these "studies" come out the administrators (generally former "beautiful people" themselves) dump on the nerds and side with the jocks that much more...

Watch the suits who saw this start canning their best IT people - zero-notice style. (That's where the employee arrives at work to find his cardkey doesn't work his passwords are rescinded, and he is escorted to HR where he is handed two weeks pay in lieu of notice, a box containing anything from his desk that the company didn't think was theirs, and a threatening document in lawyerese, and then kicked out of the building.)

Interesting. This happened to me on monday. Being the lead security analyst for th

Wow. That's odd. I would've figured IT workers who sabotage corporate systems would be the workers who are happy, secure, generally show up on time, work well with colleagues, and generally perform superbly. Goes to show you that logic doesn't always pay off. (I'm ready for the Troll/Flamebait mod guys:)

Well, I think those are just symptoms of some nasty disease. If you've got people like that onboard - it's important to find out the causes and do what can be done to improve their workday.

I had a boss at (insert large corporation) who disrespected me, never allowed me to be challenged, set me up on a doomed project on my second week of work with people who didn't understand the business - and generally pissed me off. I was cussed out by the CIO and his Italian mobster friend who claimed to be a business manager.

After the second month I would have fit into most of those categories - simply because of the experience I'd had. I decided that my boss didn't deserve anything other than what was in my job description. I proceeded to immerse myself in the codebase, business, and financials. After a couple of months I was answering questions in meetings which the original developers didn't even know.

There on out, I involved myself in other projects, got involved in design and generally worked my way past my boss - though he was still my boss until he was layed off.

In the end, I was one of the architects. All the people who made my life miserable were fired, left, or otherwise shown the door. They caused millions of dollars in losses - and I made the company millions.

As a sysadmin/webmaster at a small company I was involved in the infrastructure and in daily stuff that made money, like doing websites for the company's customers.

At one point I was drawn into an "argument" with colleagues over two things:

1) they needed a new box to run the firewall on. Owners wanted to postpone indefinitely. Sysadmin pressed his point. CEO suspected sabotage or other agenda... in spite of having had a prior avoidable firewall failure take down the network. He decided the sysadmin was crying wolf, or worse.

2): graphic designers and marketing people had proposed, priced and designed a website concept without consulting the guy who was going to code it. There were problems in the executability of the design and an underbid situation.

A technical problem that could be solved with a technical approach, if there were trust. Once again, sysadmin/webmaster "argued" for another approach on technical grounds. Answer: defenses, emotionalism, circle the wagons.

Net result of both contentions: emotionalism, accusations; sysadmin forced to resign.

The firewall did have a hardware failure after about six months; the website proposal flopped and the company lost their major client's web work. Satisfaction for the sysadmin? H**l no. There are no winners in something like this. You need to work with people you can trust and who trust you. This untrusted crap is destroying the very idea of "a good job" and consuming businesses and relationships from within.

You have to be able to air the relative merits of various technical approaches in a respectful, professional way so that what's rational and feasible emerges.

If this is "arguing with colleagues", resulting in an immediate security red-flag and dismissal... how can you have peer review or objective discussions? Worse still, it means we've descended into a totalitarian workplace.

Yup, I've been there. I've been in the IT/Software business for a long time. I demand professionalism - and it's not because I want to be a cocky developer, because I'm not. I put it on my resume because I want to set the expectation that I go to work to do just that - work.I want to get the job done right, and that's it.

The workplace is, limitedly, a totalitarian place - and the only way to rise above it is to not play the human games all the time and stick to the job you were hired to do. Most importa

Yeah, but on the other hand, I match this profile, but have no interest in sabotaging the company. I already get to come in late, bitch at my co-workers, and perform poorly, and get paid well for the privilege. Why would I want to ruin a good thing by committing crimes?

I think the point of this study is that management doesn't have to be paranoid about normal IT people abusing the trust the organization has placed in them. The people truly likely to cause harm will broadcast that fact clearly in advance through egregious behavior.

The thing is that, in a lot of cases, it's a self-fulfilling prophesy.Management is paranoid that the IT people are going to sabatoge them, so they turn the screws on IT. The people in IT become demoralized, shart showing up late, are disgruntled, more likely to snap at management, etc. Eventually one of them may snap and sabatoge the place on their way out.

The real problem, in a lot of cases, starts out with paranoia and territorial pissing matches to see who controls the budget for what and who can make

There are no normal IT people. We are all "special", and DON"T YOU FORGET THAT !!;) Management doesn't really trust IT a lot because they don't understand what IT does, and that's partly our fault for not explaining our job to them in terms they can grasp.

Anyone who broadcasts they are going to cause harm is quite stupid because when harm occurs they get the blame, even if they didn't do it. Perfect cover for the guy who really did the dirty deed.

Cool! A valid conclusion!Unfortunately, I have a hunch that managers fall broadly into two categories:- Those that have both the critical thinking skills to draw that conclusion and the management skills to keep their employees happy so that they don't need it;- Those that, like "Calum Macleod of Cyber-Ark", draw a conclusion with the cause and effect the wrong way around, _and_ bring it to their employees in the form of an ultimatum!;)

"almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

Disgrutled = Forced to install Notes
Paranoid = Forced to sit next to Notes Server all day waiting for the memory leak to take over
Late = Due to sleep deprevation from having to go in at 2am to reboot the Notes Server
Argumentative = Caught whispering "Exchange, bitches." under his breath
Poor Performer = Changed Cert ID password to "Fuck Notes"

Do you stick to stating specific technical details, or do you sometimes point out that it is running as fast as it is going to run on the systems you have with that volume of information? Sometimes the obvious...isn't; if he isn't making the connection and you aren't providing it...

Disgruntled = Forced to use Exchange
Paranoid = Afraid Someone will find out about said exchange
Late = Lack of sleep due to World Of Warcraft / Late night programming session
Argumentative = "We don't need a new gazillion dollar server"
Poor Performer = Did 30 jobs in a week and missed the KPI level by 1 as each job was bigger than the beancounters.

The flip side is that the fastest way for management to make a worker into someone who's disgruntled, paranoid, shows up late, argues all the time and performs poorly is to treat them like a potential problem. You're giving people privileged access, either you trust them and thus don't need to worry until after they start showing obvious signs, or you don't trust them in which case why are you giving them privileged access in the first place?

To be honest, I think if you have to worry about abuse of privileged access after termination then you have a more fundamental problem that no access-management system will solve. After all, if you can't trust someone to behave professionally after you've given them their 2-weeks' notice then what makes you think you can trust them to behave professionally before that?

When you are dealing with novices, anything is possible.I remember once at Apple, a co-worker put this compiled executable AppleScript into a user's startup items folder (this was back in the Mac OS 7.x days)

tell application findershut downend tell

The user came in, started up his machine (it was his backup "solitaire" CPU) and it immediately shut down upon launching the Finder.

An hour later, he had the machine apart, and was ready to swap power supplies with a donor machine. We had a good laugh and told him

The last few paragraphs of the article are more-or-less unedited PR hype from a vendor:

"According to security management vendor Calum Macleod of Cyber-Ark..Macleod's solution is password management....'If privileged password management is not on your shopping list in 2007 it may already be too late.'"

This is preceded with a 'people who say you shouldn't buy my product may already be criminals':

"'if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.'"

I believe we've all seen this recent memo from HR, to all IT department staff: 'Floggings will continue until morale improves!'

But seriously, you could swap IT for any discipline and come up with the same bullet-point: "Study Shows Link Between Grounds Keeping Sabotage, Work Behavior" - so what's the point? Just because I hold your entire work history in my shaky, sweaty hands doesn't mean I will automatically go postal and cause trouble for you and your unborn grandchildren. A cafeteria worker can spit in the soup. A parking security wanker can key your new Astro. A disgruntled department head can arbitrarily black mark a borderline performance appraisal.

Screw this generalized dust-kickup of a 'study' and go talk to anyone you think just needs someone to listen. If they tell you they "can't talk...busy...voices said time to clean my guns", then you might want to restrict their security access for a while. Otherwise, treat them like humans and stop watching for signs the sky is getting ready to fall.

"Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack."

Wow.

It seems a defensive reaction to being indirectly labeled a crook by your boss would be natural, even for honest employees. How about skipping the threatening rhetoric, and just implementing an automated password management policy. If your IT folks are worth their salt, they'll "get it" without having to be called criminals. If you skip the indirect threats, and they argue against an automated password management policy alone, then maybe you should worry.

And I said, I don't care if they lay me off either, because I told, I told Bill that if they move my desk one more time, then, then I'm, I'm quitting, I'm going to quit. And, and I told Don too, because they've moved my desk four times already this year, and I used to be over by the window, and I could see the squirrels, and they were married, but then, they switched from the Swingline to the Boston stapler, but I kept my Swingline stapler because it didn't bind up as much, and I kept the staples for the Swingline stapler and it's not okay because if they take my stapler then I'll set the building on fire...

What about workers who are routinely abused? Workers who are pushed to make themselves desperate (financially desperate, usually) to keep the job so they can be treated like slaves, and who are then forced to work long hours for no extra pay because they're salaried, constantly threatened with termination, blamed for problems but denied power to deal with them, and so on, did the study account for that? Doesn't look like the study did. Study talks about "work behavior" but not "work treatment", as if companies have no effect on whether a worker would want to sabotage something.

Ignoring signs-- signs such as a person coming in late who had always come in on time in the past-- is a sure invitation to trouble. People who feel they can't communicate one way will communicate another way. Maybe before concluding that someone who is causing "trouble" better be escorted off the premises in handcuffs before they can do real damage, management ought to try a few other things first. Like, listen in such a way that workers feel they can speak openly. And removing the temptation. If a nuclear missile could be launched with the push of one button, it probably would've happened. Good thing the missiles require several keys, codes, and such like.

Those who are capable of wrecking systems thoroughly are usually also smart enough not to show signs that they are willing to do so... The ones who grumble and complain need to be shown the door before they wreak havoc or, pacify them. It's the non-complainers you need to make sure are really happy because if they're not...you could be screwed.

"almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."Disgruntled = Management listens to outside consultants and does random IT stuff instead of listening to our advice? Check.Paranoid = Teaching outside consultants every detail about my job. Check.Late = Stay up late playing computer games. Check.Argumentative = Learned about this one years ago. No Check. WHEW!Poor Performer = Sarbanes Oxley procedures in place lowering p

So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.

Gotta love the logic here. Even if I *was* shopping for password management tools I wouldn't buy one from that guy just based on that statement.

Research discovers that asshole managers lead to pissed off employees who end up not doing their jobs as well, or with as much loyalty as those who have managers who actually treat their employees with respect.

Cure - kill the asshole managers. (Remember, the study was sponsored by the Military - that is their typical response to a problem isn't it?)

I know that a lot of you out there will be thinking, "hell ya, it is managements fault we are treating like this so lets get back at them but destroying their systems."

Believe me guys that is not the case, the only people you hurt are your co-workers. I joined a company where a lot of the Admin stuff were fired. Some of them left nice little surprises that went off a couple of days later. Guess who was there until 3am in the morning putting everything back together? I can tell you it wasn't the managers. I can also tell you that those guys that got fired lost many good friends the day they did that and a lot of hard earned respect. Most of them are still looking for jobs a year later as NO ONE from their previous job (which many had held for 6+ years) will give them a good reference anymore because of their actions.

So my point is that if you are pissed off at management then complain or leave. Don't destroy things as it only hurts your co-workers not management.

The research suggests that potential troublemakers should be easy to spot. Nearly all the cases of cybercrime investigated were carried out by people who were "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

How exactly does that make these people easy to spot? What distinguishes them from anyone else fired from an IT position?This article stinks.

Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.

I wouldn't recommend taking that attitude with ANY branch of your organization unless you're looking for a fight. Oh no! I might be one of them!

A little heavy handed perhaps?... this guy sounds like a power tripping fuckwit. Tell a subset of your workers they the greatest risk to the security of the company then monitor them to see which ones react badly?

No Shinola, Sherlock!

"Anybody who disagrees with me is a threat to the company who should immediately be fired."

Even a PHB should be able to recognize THAT one.

But watch the ones who don't see through it start hamstringing their IT departments, firing their best IT people and executive-suite sanit